Going to their website, I saw only what is pictured at the left. Then I called their web hosting service and asked them to look at their server logs.  It seems someone with the username and password to the website (a disgruntled employee?) logged in and deleted the entire website.

A website backup isn’t a backup unless you can restore it

Fortunately, this web hosting service backs up the entire site every 24 hours

Unfortunately, each backup overwrites the previous backup, and this site was deleted more than 7 days ago! So we have 7 backup files, each with no data in it.   Should I tell you how BAD this is??

Ask your web hosting service how often they backup your website

So how can you learn from this experience? Call you web host and ask them how often they backup.Most good web  hosts backup daily, but don’t count on it. Ask.

Full or incremental website backups?

Then ask your host if these backups are full or incremental. A full website backup is just what it sounds like, a complete backup of your website pages (but probably not your database, see below). This means all current pages are packaged nicely in a single compressed file, and can be readily restored in minutes.

An incremental website backup consists a full backup, and then daily backups of the CHANGES on your web site (again, not including database changes).  Restoring from an incremental backup is a little more work. . . the full backup gets restored, and then every incremental backup since then gets restored.

How long is your backup retained?

This is the crux of the problem with the client I mentioned above. The web hosting service only retains backups for 6 days. Every Sunday, they overwrite last Sunday’s backup, and so on, every day of the week. This works great if you accidentally delete a file and then find out that you made a mistake. It’s quick and easy to restore the file. But if you discover that your website has been hacked more than 7 days ago, you’re out of luck!! 

Ask your web hosting service how long they retain a backup. If their schedule works for your situation, no problem. If it doesn’t, ask what other backup options they have.

Where is your backup stored?

Most web hosts store the backup on the same server that your website is hosted on.

Convenient? Yes.

Safe? No!!

When the server fails, and it WILL fail eventually, everything is lost if your backup is on that server, too. I learned this lesson the hard way. Make sure that your backups are stored on a different server.

What about my database(s)?

If you website stores its data in a database (ask your webmaster), you’ll need to make provision to backup the database, too. This is actually the easiest part, ans there are lots of programs available to quickly backup even a very large database into a manageable package. If your website uses a database (and most do these days), backing up that data is even more important that backing up the files on your server. Your webmaster probably has a copy of the original files (check with him/her to be sure), but the most current data is in your database. Be sure you back it up regularly!

Is there an easy way to do this?

Yes. . . in fact there are several easy ways to do this. First, talk with you web host and see what they are willing to do for you. If they want to keep you as a custiomer, they can get pretty creative. Be sure to TEST whatever solution they provide, to make sure you get a complete and reliable backups for both your web pages and database.

If you have access to your CPanel, you can generate a full backup of your website AND its databases in just a few clicks (use the Backup Wizard). Then you can save this backup on you computer at your desk. Where it’s safe and sound. If you use this method, be sure to do it regularly.

You could hire a programmer to create a script that uses the CPanel  backup wizard and that then stores the backups on another server. This is a very good solution. If you go this direction, be sure to thoroughly TEST the integrity of the backups, both the website AND the database(s).

For most small business websites, you could have your programmer create a script that compresses all the web pages and the database, and emails the whole package to you. This could run on a daily or weekly basis, depending on your needs.

There are also several online solutions, although I haven’t tested any of these. This could be a good way to go for some businesses.

One size does not fit all

Your backup needs are different from mine. Think through what you need to accomplish with your backups. How often? Where should they be stored? Who should have access to them? What’s your website worth to you (yes, in dollars and cents)? Would it be worth it to hire someone to custom-build a backup solution for you?

Please don’t end up like my past client, calling me about a website that mysteriously disappeared. . . without a good backup!

I use a secure network to access the Internet from my home office, but often take my laptop with me to public locations to work or meet with clients.

Make a quick change to Gmail’s settings and you’ll be connecting securely no matter where you are.

1. Access your Gmail account.

2. Click Settings at the top right side of your Gmail page.

3. At the General Tab, go down to the Browser connection: and choose Always use https.

4. Then Click Save Changes and you’re done.

Now , when you read your emails, your browser address will start with https and not the usual http. That’s all you need to do!

Most of of us either use one username/password for everything or have a variety passwords on Post-It notes around our monitor. Neither of these is a very secure solution. Best practices for computer security require a strong password, but one that you can remember.

It’s pretty easy for hackers to break a password when it’s only a few characters long or it uses a dictionary word (even if it is suffixed with a couple of digits, a hybrid dictionary attack breaks it pretty fast).

The Components of a Secure Password

The basics of creating a secure password:

• Include punctuation marks (,.;), special characters (!#$%^) and numbers.
• Mix capital (uppercase) and lowercase characters.
• Create a unique acronym.
• Short passwords should be 8 chars at least.

Some potential weaknesses to avoid:

• Don’t use a password that is listed as an example or public.
• Don’t use the same password you have been using for years.
• Don’t use a password someone else has seen you type.
• Don’t use a password that contains personal information (names, birthdays or dates that are easily related to you)
• Don’t use words or acronyms that can be found in a dictionary.
• Don’t use keyboard patterns (qwerty) or sequential numbers (12345).

Keeping Your Password Secure

Once you have a good password it’s equally important to keep your password secure:

• Never tell anyone your password or use it where someone can observe it.
• Never send your password by email or say it where others may hear.
• Occasionally verify your current password and change it to a new one.
• Avoid writing your password down. (Keep it with you in a purse or wallet if you have to write down the password until you remember it.)

And never label that scrap of paper in any way. Write it down on an the back of an old business card or something that doesn’t indicate it’s a password. Don’t give anyone who finds (or gains access to) your purse/wallet any clue of what the password means or what it is related to.

Security vs. Usability

128 bit entropy in a password requires a long randomized passphrase, which wouldn’t be very usable, there has to be a trade somewhere between security and usability.

You can also use online password generators such as http://makemeapassword.com/, the problem with these however, is that they do create strong passwords but they aren’t easy to remember, which kind of defeats the purpose.

Another thing you can do is use something like a password safe to keep all the hard to remember passwords in one place, the one I would recommend is from Bruce Schneier and is actually called “Password Safe”.

Password Safe is an Open Source (free) tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under and version of Windows.

You can find it here: http://passwordsafe.sourceforge.net/